|
348241
|
- |
|
secureideas
|
basic_analysis_and_security_engine
|
Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4839
|
2012-07-3 13:00 |
2010-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348242
|
- |
|
acid
secureideas
|
analysis_console_for_intrusion_databases
basic_analysis_and_security_engine
|
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2,…
|
CWE-89
SQL Injection
|
CVE-2005-3325
|
2012-07-3 13:00 |
2005-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348243
|
- |
|
php
|
php
|
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2001-1247
|
2012-06-25 13:00 |
2001-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348244
|
- |
|
perforce
|
perforce_server
|
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
|
CWE-22
Path Traversal
|
CVE-2010-0933
|
2012-06-15 13:00 |
2010-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348245
|
- |
|
3com
|
3cp4144
|
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired…
|
NVD-CWE-Other
|
CVE-2002-0888
|
2012-05-12 10:16 |
2002-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348246
|
- |
|
apple
|
iphone_os
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
|
CWE-20
Improper Input Validation
|
CVE-2010-1181
|
2012-03-30 13:00 |
2010-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348247
|
- |
|
emc
|
networker
|
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly …
|
NVD-CWE-Other
|
CVE-2002-0113
|
2012-03-30 10:14 |
2002-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348248
|
- |
|
emc
|
networker
|
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: th…
|
NVD-CWE-Other
|
CVE-2002-0114
|
2012-03-30 10:14 |
2002-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348249
|
- |
|
linux
|
linux_kernel
|
The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a de…
|
CWE-399
Resource Management Errors
|
CVE-2007-6733
|
2012-03-19 13:00 |
2010-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348250
|
- |
|
cacti
|
cacti
|
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a va…
|
CWE-89
SQL Injection
|
CVE-2010-2092
|
2012-02-16 13:04 |
2010-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
